In general, computer-based devices include hardware elements and software elements. The hardware elements, and certain software elements, may be collectively referred to as a “platform,” and include elements such as processors, memory, interfaces such as network interfaces and display interfaces, and other such hardware elements, as well as certain software elements, such as an operating system. The software elements are used to cause the hardware elements to perform various functions. In some cases, separate entities create a platform and software for the platform. For example, an entity that creates a platform (referred to as a platform developer or a platform producer) may provide a software development kit (SDK) to entities that develop software for that platform. The entities that develop the software may further distribute the software to customers who purchase the platform and the software.
In some cases, the entity that created the platform may require that software developed by third parties be authenticated prior to being executed by the platform. Digital signatures and digital certificates are two mechanisms commonly used for purposes of authentication and verification within a computing environment. A digital signature is a processed version of a message that has been signed using encryption and decryption techniques, including the use of a private key of a sending device. To verify the digital signature, a receiving device applies a public key of the sending device. The receiving device may retrieve the public key directly from the sending device in the form of a certificate or from a trusted third party. A digital signature created with the private key of a mutually trusted third party, that is, a certification authority, ensures the integrity of the sending device's certificate.
In this manner, customers who purchase and deploy the platform can be assured that they are utilizing software from a legitimate source. Typically, the platform will be designed to ensure that software is signed by a trusted entity before installing and executing the software. The platform may, for example, authenticate the software using a chain of trust leading up to the certificate authority associated with the platform producer. That is, all software that is to be executed on the platform must conform to this requirement that the software can be authenticated up through the chain of trust back to a certificate authority for the platform producer. To accelerate authentication, a platform often maintains an internal trust store that lists the certification authorities trusted by the platform. For example, a platform may utilize the internal trust store to authenticate a software package prior to installing the software package to ensure that the software package originates from a trustworthy source and has not been altered.
Certain conventional techniques for signing software include issuing a certificate, including a code-signing key, from the certificate authority of the platform provider to each software developer. Actors within the software development entity, i.e., the third party software developer, sometimes freely share the code-signing key, using the shared certificate to sign software created for the platform. Allowing a code-signing key to be shared among different actors, however, is a violation of security best practices.
Other conventional techniques include having the platform producer, or a certificate authority associated with the platform producer, issue multiple code-signing keys to the software developer, one for each actor within the 3rd party software develop. However, these techniques place a heavy burden on the certificate authority. Moreover, certificate authorities often charge for the service of issuing a certificate, meaning that these techniques lead to increased costs for the software developer.
Still other conventional techniques include the platform developer setting up and maintaining a local signing server on-site within the software developer's enterprise. That is, a single certificate may be issued to the software developer, which may set up a dedicated server for signing software using that certificate. However, in order to satisfy security best practices, such a server should be a stand-alone machine that is dedicated only to the task of signing software with the certificate, which can lead to increased capital expenses. Likewise, the server must be maintained, which can lead to increased operational expenses.
Yet other conventional techniques include sending the software to a remote signing server, such as a server managed by the platform producer. However, these techniques may consume a tremendous amount of bandwidth, in that the entire software package may need to be transmitted to the remote signing server repeatedly throughout the software development cycle. When network throughput is not high enough, this may also lead to increases in latency. Moreover, these techniques may be vulnerable to entropy attacks initiated by malicious users, which may be used to maliciously obtain the private key.